package com.qiaoya.security;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.web.cors.CorsUtils;

/**
 * @author Xiaoyue Xiao
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

	@Override
	public void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll().antMatchers("**/api/**")
		.permitAll()
				//.antMatchers("**/api/**").authenticated()/* .permitAll() */
				// .antMatchers("**/memcard/**").authenticated()
				//.antMatchers(HttpMethod.POST, "/api/v1/UserBase/RegisterUserApi**").permitAll()
				.antMatchers(HttpMethod.GET, "/swagger/**").permitAll()
				.antMatchers(HttpMethod.GET, "/swagger-ui.html**").permitAll()
				.antMatchers(HttpMethod.GET, "/swagger-ui.html#").permitAll()
				//.anyRequest().authenticated()
				;
		/*
		 * .antMatchers(HttpMethod.OPTIONS, "/oauth/token", "/rest/**",
		 * "/api/**", "/**").and().csrf().disable()
		 */
		//
	}

}
